ENH: Ability to remove all X-Krakend* headers from response #727

Open
meshenka opened this issue Jul 12, 2024 · 4 comments

Comments

@meshenka

The Krakend Gateway leaks its technology; I want to completely remove
X-Krakend, X-Krakend-Completed and any X-Krakend headers from the response.

Describe the solution you'd like
A router configuration to be able to remove those headers.

Describe alternatives you've considered
I already obfuscate the gateway version. Outside of this new configuration, the only option I can think of is putting an nginx in front of krakend to remove those headers.

Additional context

```
curl -v https://*********
* Host *******:443 was resolved.
* IPv6: (none)
* IPv4: **.***.**.***
*   Trying **********:443...
* Connected to ******** (********) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=**********
*  start date: Jul  9 20:08:55 2024 GMT
*  expire date: Oct  7 21:02:47 2024 GMT
*  subjectAltName: host "**************" matched cert's "*************"
*  issuer: C=US; O=Google Trust Services; CN=WR3
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://*************
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: **********]
* [HTTP/2] [1] [:path: *******]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET /****** HTTP/2
> Host: **************
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/2 200
< content-security-policy: default-src 'self';
< content-type: application/json; charset=utf-8
< referrer-policy: no-referrer
< vary: Origin
< x-content-type-options: nosniff
< x-correlation-id: **********************
< x-frame-options: DENY
< x-krakend: Version *****-v2.17.1
< x-krakend-completed: true
< x-xss-protection: 1; mode=block
< date: Fri, 12 Jul 2024 13:48:13 GMT
< via: 1.1 google
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
```

< x-krakend: Version *****-v2.17.1
< x-krakend-completed: true

needs to go away

Related to #445 but not quite what I need.

@meshenka
Author

Just submitted a first idea, not sure it should be done like that. Let me know.

@alombarte
Member

Hi @meshenka,

Thanks for the associated PR #728. The truth is that Lura is not KrakenD. When KrakenD donated the framework to the Linux Foundation, a significant effort was made to "rebrand" everything in the source code and set it to Lura. KrakenD strings were removed from everywhere. This is the last thing standing, and it must go away.

While KrakenD (Enterprise) allows you to remove these headers (https://www.krakend.io/docs/enterprise/service-settings/response-headers-modifier/#example-remove-x-krakend-headers), and this is irrelevant to this conversation, Lura should not have any KrakenD string in the source code.

The future of Lura is removing all the routers and leaving the core packages only because it is not viable to maintain them all. The krakend headers will disappear from Lura when this is done.

@meshenka
Author

meshenka commented Oct 2, 2024

@alombarte thank you for the details, do we have any kind of ETA for this?

@alombarte
Member

Hi @meshenka. I don't know if other open-source contributors to Lura will volunteer in this (which is a major rework), but on my side, I can tell that this is not in my near plans. Not even close.
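
The workaround mentioned in the opening post, stripping the headers in a proxy placed in front of the gateway, sketched in Go rather than nginx. This is an added example, not code from Lura, KrakenD or anyone in this thread; `stripPrefixed`, `newStrippingProxy`, `constructedGateway` and the `gateway.invalid` address are hypothetical names, and the upstream response is constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// stripPrefixed deletes headers whose name starts with prefix (any case); returns the count.
func stripPrefixed(h http.Header, prefix string) int {
	n := 0
	for name := range h {
		if strings.HasPrefix(strings.ToLower(name), strings.ToLower(prefix)) {
			delete(h, name) // raw map delete also catches non-canonical keys
			n++
		}
	}
	return n
}

// newStrippingProxy fronts target and strips matching headers from each response.
func newStrippingProxy(target *url.URL, prefix string) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(target)
	p.ModifyResponse = func(r *http.Response) error { stripPrefixed(r.Header, prefix); return nil }
	return p
}

// constructedGateway: constructed stand-in upstream (no network) with the issue's header names.
type constructedGateway struct{}
func (constructedGateway) RoundTrip(*http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	rec.Header().Set("X-Krakend", "Version 0.0.0-constructed")
	rec.Header().Set("X-Krakend-Completed", "true")
	rec.Header().Set("X-Content-Type-Options", "nosniff")
	return rec.Result(), nil
}

// clientView returns the headers a client sees; gateway.invalid is hypothetical and never dialed.
func clientView() http.Header {
	p := newStrippingProxy(&url.URL{Scheme: "http", Host: "gateway.invalid"}, "X-Krakend")
	p.Transport = constructedGateway{}
	rec := httptest.NewRecorder()
	p.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil))
	return rec.Result().Header
}

func main() { fmt.Println(clientView()) }
```

Matching on the prefix rather than a fixed list means any further `X-Krakend-*` header the upstream emits is removed as well, while unrelated security headers pass through unchanged.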
